FreeIPA - Password Expiration

Prashant Bapat prashant at
Tue Apr 5 07:07:30 EDT 2016


I'm trying to configure Shibboleth IdP (ver 3.2.1) to authenticate against
FreeIPA's LDAP component. So far authentication and attribute release is

When I tried to configure the password expiration, it does not work. I
tried the "account state" section of
but could not get it it working.

FreeIPA has an user attribute "krbPasswordExpiration" which is the time
when the password expires.

How to use this attribute for redirecting the user to the password
expiration page ?

Looking at Ldaptive's GIT <>,
there is a FreeIPAAuthenticationResponseHandler
in the latest version. Is it advisable to use this ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list